Access Matrix Access Matrix View protection as a

Access Matrix

Access Matrix � View protection as a matrix (access matrix) � Rows represent domains � Columns represent objects � Access(i, j) is the set of operations that a process executing in Domaini can invoke on Objectj

Use of Access Matrix � If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix � User who creates object can define access column for that object

Use of Access Matrix � Can be expanded to dynamic protection � Operations to add, delete access rights � Special access rights: � owner of Oi � copy op from Oi to Oj (denoted by “*”) � control – Di can modify Dj access rights � transfer – switch from domain Di to Dj � Copy and Owner applicable to an object � Control applicable to domain object

Use of Access Matrix (Cont. ) � Access matrix design separates mechanism from policy � Mechanism � Operating system provides access-matrix + rules � If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced � Policy � User dictates policy � Who can access what object and in what mode � But doesn’t solve the general confinement problem

Access Matrix of Figure A with Domains as Objects

Access Matrix with Copy Rights

Access Matrix With Owner Rights

Modified Access Matrix of Figure B

References � “Operating System Concepts, " by Abraham Silberschatz, et al, 9 th Edition, 2012, John Wiley & Sons Inc. � Operating Systems: A Spiral Approach 1 st Edition by Ramez Elmasri , A Carrick , David Levine